[release-announce] tripleo-heat-templates 12.4.2 (ussuri)

no-reply at openstack.org no-reply at openstack.org
Thu Jan 28 16:25:48 UTC 2021


We are pumped to announce the release of:

tripleo-heat-templates 12.4.2: Heat templates for deploying OpenStack
with OpenStack.

This release is part of the ussuri stable release series.

The source is available from:

    https://opendev.org/openstack/tripleo-heat-templates

Download the package from:

    https://tarballs.openstack.org/tripleo-heat-templates/

Please report issues through:

    https://bugs.launchpad.net/tripleo/+bugs

For more details, please see below.

12.4.2
^^^^^^


New Features
************

* Added "MemcachedMaxConnections" setting with a default of 8192
  maximum connections in order to allow an operator to override that
  value in environments where memcached is heavily solicited.

* Add parameter "NovaAllowResizeToSameHost" to allow instances to
  resize to the host they are currently on. Normally the source host
  is excluded.

* To isolate LVM volumes created by compute guests, within Cinder
  volumes, from the LVM volumes created/managed by the host itself, a
  new task has been introduced to create an allowlist and denylist of
  devices which should be accessible (or not) to the host, configured
  in lvm.conf using the global_filter key. The allowlist is generated
  gathering the list of existing in-use physical disks (or partitions)
  and appending to it any user provided device passed via
  *LVMFilterAllowlist* parameter. The denylist is configured via
  *LVMFilterDenylist* and defaults to ['.*'], which means it blocks
  any device not explicitly allowed. Both the list parameters can be
  specified per-role. The feature is, by default, disabled and can be
  enabled passing *LVMFilterEnabled: true*; when disabled the existing
  lvm.conf won't be touched and a version of it which includes the
  global_filter will be left, for debugging, in
  */tmp/tripleo_lvmfilter.conf*.

* A new multipathd-container-ansible.yaml heat template replaces the
  multipathd-container.yaml template. The new template adds support
  for the following new parameters:

  * MultipathdSkipKpartx

  * MultipathdCustomConfigFile

* Add parameters *NovaLibvirtCPUMode*, *NovaLibvirtCPUModels* and
  *NovaLibvirtCPUModelExtraFlags* to allow configuration of CPU
  related parameters *libvirt/cpu_mode*, *libvirt/cpu_model* and
  *libvirt/cpu_model_extra_flags* respectively.

* This change updates the multiple-nics and multiple-nics-vlans
  templates so that an external bridge is created if either the role
  uses the External network or the "external_bridge" tag is set in the
  role definition. This is done instead of checking if the role name
  is "Controller". This change also assigns the "external_bridge" tag
  to the Controller as well as the Compute roles so that both roles
  can access the Neutron external bridge for floating IPs or SNAT by
  default so that OVN can use DVR.

* The NovaApiMaxLimit parameter allows the operator to set Nova API
  max_limit using a Heat parameter in their templates.

* Add parameter *NovaVGPUTypesDeviceAddressesMapping* to provide a
  mapping for multiple vgpu types and corresponding device addresses.
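
The allowlist/denylist behaviour described in the LVM filter note above can be sketched as follows. This is an added example, not code from tripleo-heat-templates or the tripleo_lvmfilter role: the function names, the device paths and the choice to anchor detected paths are assumptions, and Python's re module stands in for LVM's own pattern matcher.

```python
import re

DELIM = "|"  # pattern delimiter used in the rendered lvm.conf entries


def build_entries(in_use, allowlist=(), denylist=(".*",)):
    """Accept rules first, reject rules last: LVM stops at the first match."""
    # Detected paths are literals: escape and anchor them so that
    # /dev/sda2 does not also admit /dev/sda20.
    accept = ["^" + re.escape(dev) + "$" for dev in in_use]
    accept += list(allowlist)  # assumption: operator entries are regexes
    entries = [("a", p) for p in accept] + [("r", p) for p in denylist]
    for _, pattern in entries:
        if DELIM in pattern or '"' in pattern:
            raise ValueError(f"pattern breaks lvm.conf quoting: {pattern!r}")
        re.compile(pattern)  # fail early on a malformed regex
    return entries


def render(entries):
    """Format the entries as a global_filter line for lvm.conf."""
    items = ", ".join(f'"{a}{DELIM}{p}{DELIM}"' for a, p in entries)
    return f"global_filter = [ {items} ]"


def device_visible(path_names, entries):
    """Model LVM's decision for one block device and all its path names."""
    verdicts = []
    for name in path_names:
        for action, pattern in entries:
            if re.search(pattern, name):  # unanchored unless pattern anchors
                verdicts.append(action)
                break
    if "a" in verdicts:
        return True      # any path name accepted first: device is visible
    return not verdicts  # nothing matched: visible; otherwise rejected


if __name__ == "__main__":
    # Constructed sample: /dev/sda2 is the host's own in-use PV, /dev/sdc
    # is operator-allowlisted, /dev/sdb is an attached Cinder volume that
    # carries LVM metadata written by a guest.
    entries = build_entries(["/dev/sda2"], allowlist=["^/dev/sdc$"])
    print(render(entries))
    for dev in ("/dev/sda2", "/dev/sdc", "/dev/sdb", "/dev/sda20"):
        print(dev, "visible" if device_visible([dev], entries) else "hidden")
```

With an empty denylist, a device that matches no pattern stays visible to the host, which is why the ['.*'] default matters.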


Upgrade Notes
*************

* Cinder's legacy "volume" service and its associated endpoints are
  automatically removed from the keystone catalog. The "volume"
  service is associated with Cinder's v1 API, which was removed in
  Queens.

* When upgrading from the multipathd-container.yaml template to the
  new multipathd-container-ansible.yaml template, bear in mind the new
  MultipathdSkipKpartx parameter will configure the corresponding
  skip_kpartx setting in /etc/multipath.conf.

* NotificationDriver is now set to noop by default, as legacy
  telemetry services are disabled by default. Explicitly set the
  NotificationDriver parameter to enable notifications from each
  service.

* The "external_bridge" tag is now used for the Compute node. An
  external network bridge is required on the compute nodes in order to
  host floating IPs when using DVR. OVN deploys with DVR by default.


Deprecation Notes
*****************

* The multipathd-container.yaml template is deprecated in favor of a
  new multipathd-container-ansible.yaml template. The new template is
  backward compatible with the old template, but see the features and
  upgrade notes for additional details.


Bug Fixes
*********

* As per launchpad bug 1855704, the lvmfilter task aims to hide from
  the host the LVM2 volumes created by compute guests in Cinder
  volumes or Glance images.

* When using the Shared File Systems service (manila), you may now
  use the Heat template parameter "ManilaEnabledShareProtocols" to
  configure the NAS protocols that users may use. If not set, the
  value is inferred per the storage backends that have been enabled.

* The keystone catalog is automatically updated to remove any
  entries associated with Cinder's v1 API "volume" service. This fixes
  bug 1897761 (https://bugs.launchpad.net/tripleo/+bug/1897761).

* Fixed the Octavia OctaviaTenantLogFacility setting default to 0 to
  align it with the project default.

* Certificates get merged into the containers using the kolla_config
  mechanism. If a certificate changes, or e.g. UseTLSTransportForNbd
  gets disabled and enabled at a later point, the containers running
  the qemu process miss the required certificates and live migration
  fails. This change moves to bind mounts for the certificates and,
  in the case of UseTLSTransportForNbd, also creates the required
  certificates even if UseTLSTransportForNbd is set to False. With
  this, UseTLSTransportForNbd can be enabled/disabled as the required
  bind mounts/certificates are already present.

* https://review.opendev.org/q/I8df21d5d171976cbb8670dc5aef744b5fae657b2
  introduced THT parameters to set libvirt/cpu_mode. That patch
  wrongly set the NovaLibvirtCPUMode default to the string 'none', so
  puppet-nova did not handle the default cases correctly and set
  libvirt/cpu_mode to none. The result is the 'qemu64' CPU model,
  which is highly buggy and undesirable for production usage. This
  change sets the default to the recommended CPU mode 'host-model',
  for various benefits documented elsewhere.

* When using RHSM Service
  (deployment/rhsm/rhsm-baremetal-ansible.yaml) based registration of
  the overcloud nodes and enabling KSM with NovaComputeEnableKsm=True,
  the overcloud deployment will fail because the RHSM registration
  and the ksm task both run as host_prep tasks. Enabling/disabling
  KSM is now handled in deploy step 1.

* In a cellv2 multicell environment, nova-metadata is the only
  httpd-managed service on the cell controller role. With
  tls-everywhere, the cell controller host must have the needed
  metadata to be able to request the HTTP certificates. Otherwise the
  getcert request fails with "Insufficient 'add' privilege to add the
  entry 'krbprincipalname=HTTP/cell1-cellcontrol-0....'"

Changes in tripleo-heat-templates 12.4.1..12.4.2
------------------------------------------------

0f3cc2653 [USSURI ONLY] Remove duplicate /var/run/openvswitch bind mount
d3ef7c0fa Set up right DNF module stream for Upgrades and Updates.
b3521d542 Ensure LANG env is properly set when puppet runs.
bc23f0e31 Add setting to override max memcached connections
a7b1c81a0 Fix swift containers idempotency
de5fcf0d3 Refresh Swift ring files without restarting containers
8968c7efd Rolling certificate update for HA services
977fc27fa Adding key_size option on the certificate creation
54b080903 Wire up new tripleo upgrades jobs template
dcab52658 Don't pass empty values for ipaclient_servers to ipaclient role
3b9e1dad6 Define a new CinderVolumeEdge service
57e689834 Rely on the HOSTNAME var to resolve the mon container name
833e812ba Ensure cinder LVM volumes work after system restart
3846879d4 Skip Trilio dirs when setting ownership in /var/lib/nova
f6b05380b Set setgid mode bit for /var/lib/ironic
b51683ceb Remove Luna HSM clients on scaledown
60b2ac482 The lower constraint file has been removed
176889bec Run os-net-config on step 3
8ffad6e84 Move ipa check to external_deploy_tasks
b8ec72926 [Ussuri/Train] Check mode doesn't work for async tasks
de1b88ca5 Run online migration tasks from external_update_tasks too.
2d478acc3 Enable tripleo_free strategy for upgrade
319515719 Remove vfio-pci.conf module load file
ff4bbbf94 Fix barbican settings missing from glance Edge nodes
d35ed9771 node_exporter_container_image is needed in 'all' group
ec495e9a0 Adding Ceph Dashboard to the Edge roles
6cc86ee96 Add qemu metadata to compute node when tls for live migration
79b528061 Add NovaApiMaxLimit configure max_limit for nova
2de50cc3c Identify HSMs using labels instead of Slot ID
47d31250e Switch novajoin to use RpcUserName
d5a87a297 Use ansible for nodes validation
e51143134 Set correct default NovaLibvirtCPUMode
77de9ff3e Use bind mounts for tls certificates
fa6700449 Add file which enables QoS related L3 agent extensions
5b553b611 [ussuri] Migrate to content provider jobs/templates
243055beb Make sure apache metadata is set for nova-metadata service
23718b21c Refresh ceph-ansible group_vars values
365397323 Move enable ksm on compute node to deploy step 1
a1058dbe7 Add CinderBackupOptVolumes parameter
f15758abb Properly compute hostname when looking for the ceph-mon container
15a196e79 Filter computes with nova_host defined
8d186938d Fix MetricsQdrUseSSL value
bf5883f10 Fix ceilometer_agent_compute healthcheck
013d15f48 [stable/ussuri,train] Add cidr to outputs of port_from_pool.j2
230a0ad90 Always set dashboard_protocol when Ceph Dashboard is enabled
29b8a69a8 Fix memcached logging
a19a3c6ae Deploy multipathd using tripleo_multipathd ansible role
815af694a Add NovaDisableImageDownloadToRbd parameter
0b58b547b Config options for AMQP1 transport in collectd sensubility
bf50c743a Add package install for openssl-perl
805fe6e41 Don't manage bridge mappings in scenario file
f41f220cb Add CephClientConfigOverrides resource
4747cc41c Run tripleo_lvmfilter role to restrict block devices visible to LVM2
aaecbcc2e Don't use POLL_SERVER_CFN transport for DeployedServer
f9df16fc8 Expose new THT params for cpu model flags
acc6fe01e Fix names of the puppet parameters used to set min bw limits in Neutron
256f92d25 Add possibility to set logging source for Horizon
9203e6998 Return details in output of container health check
01714bd31 Fix Octavia OctaviaTenantLogFacility default
3e4745e92 Change permissions on /run/octavia to octavia
6f7027346 Force CephAnsiblePlaybook to its default value on FFU prepare
bb866621a [manila] Add "ManilaEnabledShareProtocols" param
7ab640cfa Disable notification from services by default
15faa808a Add config option for collectd libpodstats
514ac5b08 Use `undercloud` instead of `Undercloud` when delegating tasks
a7f4a1566 Retry container pull 3 times
99220e0ca [FFU] Remove cinder's v1 keystone service
d91a8c121 Also configure Ironic for UC minions
d00312805 Expose new  parameter `NovaVGPUTypesDeviceAddressesMapping`
76e3a6880 Make NovaLibvirtOptVolumes role specific
98d889fd7 Remove dashboard_frontend_vip from the ceph mgr template
e83c47f11 firewall: make ExtraFirewallRules role specific
513321b3b Squashed backport for 'NovaAllowResizeToSameHost' parameter
fa830587d Add ability to manage irqbalance on compute per role
1674d3a34 Create external bridge on Compute nodes by default for OVN with DVR
e821f91b6 Centralized logging minor fixes
e1b4dca17 Add more metadata to logs
74977e585 Enable Ceilometer data transfer for STF


Diffstat (except docs and test files)
-------------------------------------

all-nodes-validation.yaml                          |  45 ----
ci/common/all-nodes-validation-disabled.yaml       |  37 ----
ci/environments/multinode-containers.yaml          |   4 -
ci/environments/neutron_l3_qos.yaml                |   2 +
.../scenario000-multinode-containers.yaml          |   3 -
ci/environments/scenario000-standalone.yaml        |   3 -
.../scenario001-multinode-containers.yaml          |   5 +-
ci/environments/scenario001-standalone.yaml        |  16 +-
ci/environments/scenario002-standalone.yaml        |   8 +-
ci/environments/scenario003-standalone.yaml        |  10 +-
ci/environments/scenario004-standalone.yaml        |   3 -
.../scenario007-multinode-containers.yaml          |   3 -
ci/environments/scenario007-standalone.yaml        |   3 -
.../scenario010-multinode-containers.yaml          |   1 -
ci/environments/scenario010-standalone.yaml        |   3 -
ci/environments/scenario012-standalone.yaml        |   4 -
common/container-puppet.py                         |   2 +
common/container-puppet.sh                         |  22 +-
common/deploy-steps-tasks.yaml                     |   3 +
common/deploy-steps.j2                             |  21 +-
config-download-software.yaml                      |   1 +
config-download-structured.yaml                    |   1 +
.../monitoring/collectd_check_health.py            |  45 ++--
.../nova_statedir_ownership.py                     |  21 +-
.../pacemaker_mutex_restart_bundle.sh              |  90 ++++++++
.../pacemaker_resource_lock.sh                     | 237 +++++++++++++++++++++
deployment/aodh/aodh-base.yaml                     |   2 +-
deployment/apache/apache-baremetal-puppet.j2.yaml  |  16 ++
.../barbican/barbican-api-container-puppet.yaml    |  86 ++++----
.../barbican-backend-pkcs11-crypto-puppet.yaml     |  14 +-
deployment/barbican/barbican-client-puppet.yaml    |   3 +-
.../ceilometer-agent-compute-container-puppet.yaml |   3 +-
.../ceilometer-base-container-puppet.yaml          |   2 +-
deployment/ceph-ansible/ceph-base.yaml             |   9 +
deployment/ceph-ansible/ceph-client.yaml           |  10 +
deployment/ceph-ansible/ceph-grafana.yaml          |  20 +-
deployment/ceph-ansible/ceph-mgr.yaml              |  23 +-
deployment/ceph-ansible/ceph-osd.yaml              |   4 +-
deployment/ceph-ansible/ceph-rgw.yaml              |  20 +-
.../certs/certmonger-user-baremetal-puppet.yaml    |   9 +
deployment/cinder/cinder-api-container-puppet.yaml |  16 +-
.../cinder/cinder-backup-pacemaker-puppet.yaml     |   4 +
.../cinder/cinder-common-container-puppet.yaml     |  17 +-
.../cinder/cinder-volume-pacemaker-puppet.yaml     |   4 +
deployment/containers-common.yaml                  |   6 +
deployment/database/mysql-base.yaml                |  16 ++
deployment/database/mysql-pacemaker-puppet.yaml    |   4 +
deployment/database/redis-container-puppet.yaml    |  16 ++
deployment/database/redis-pacemaker-puppet.yaml    |   4 +
.../multipathd-container.yaml                      |   0
deployment/deprecated/sahara/sahara-base.yaml      |   2 +-
deployment/etcd/etcd-container-puppet.yaml         |  48 +++--
.../experimental/designate/designate-base.yaml     |   2 +-
deployment/glance/glance-api-container-puppet.yaml |   2 +-
.../haproxy-internal-tls-certmonger.j2.yaml        |  19 ++
deployment/haproxy/haproxy-pacemaker-puppet.yaml   |   4 +
.../haproxy/haproxy-public-tls-certmonger.yaml     |  19 ++
deployment/heat/heat-base-puppet.yaml              |   2 +-
deployment/horizon/horizon-container-puppet.yaml   |  13 ++
deployment/ipa/ipaservices-baremetal-ansible.yaml  |  38 ++--
deployment/ironic/ironic-api-container-puppet.yaml |   5 +-
.../ironic/ironic-conductor-container-puppet.yaml  |   2 +-
deployment/ironic/ironic-pxe-container-puppet.yaml |   2 +-
deployment/iscsid/iscsid-container-puppet.yaml     |  67 +++++-
deployment/keystone/keystone-container-puppet.yaml |   2 +-
deployment/logging/rsyslog-container-puppet.yaml   |  24 ++-
deployment/manila/manila-api-container-puppet.yaml |   7 +
deployment/manila/manila-base.yaml                 |   2 +-
.../manila/manila-share-pacemaker-puppet.yaml      |   4 +
.../memcached/memcached-container-puppet.yaml      |   9 +-
deployment/metrics/collectd-container-puppet.yaml  |  27 ++-
deployment/metrics/qdr-container-puppet.yaml       |  24 ++-
deployment/mistral/mistral-base.yaml               |   2 +-
.../multipathd/multipathd-container-ansible.yaml   | 128 +++++++++++
.../neutron/neutron-api-container-puppet.yaml      |  16 ++
deployment/neutron/neutron-base.yaml               |   2 +-
.../neutron/neutron-dhcp-container-puppet.yaml     |  16 ++
.../neutron-ovs-agent-container-puppet.yaml        |   5 +-
.../neutron-ovs-dpdk-agent-container-puppet.yaml   |  24 ++-
.../neutron-sriov-agent-container-puppet.yaml      |   2 +-
deployment/nova/nova-api-container-puppet.yaml     |  10 +
deployment/nova/nova-az-config.yaml                |   2 +-
deployment/nova/nova-base-puppet.yaml              |   2 +-
deployment/nova/nova-compute-container-puppet.yaml | 144 ++++++++++---
.../nova/nova-conductor-container-puppet.yaml      |   5 +-
deployment/nova/nova-libvirt-container-puppet.yaml | 225 +++++++++----------
.../nova/nova-metadata-container-puppet.yaml       |   2 +
.../nova/nova-vnc-proxy-container-puppet.yaml      |  28 +++
deployment/nova/novajoin-container-puppet.yaml     |   6 +-
.../octavia/octavia-api-container-puppet.yaml      |   6 +
deployment/octavia/octavia-base.yaml               |   4 +-
.../octavia/providers/ovn-provider-config.yaml     |  16 ++
.../ovn/ovn-controller-container-puppet.yaml       |  16 ++
deployment/ovn/ovn-dbs-pacemaker-puppet.yaml       |  20 ++
deployment/ovn/ovn-metadata-container-puppet.yaml  |  16 ++
.../pacemaker/pacemaker-baremetal-puppet.yaml      |   2 +-
deployment/rabbitmq/rabbitmq-container-puppet.yaml |  16 ++
...rabbitmq-messaging-notify-container-puppet.yaml |  16 ++
...rabbitmq-messaging-notify-pacemaker-puppet.yaml |   4 +
.../rabbitmq-messaging-pacemaker-puppet.yaml       |   4 +
.../rabbitmq-messaging-rpc-container-puppet.yaml   |  16 ++
.../rabbitmq-messaging-rpc-pacemaker-puppet.yaml   |   4 +
.../swift-refresh-rings-cc327f998490b0df.yaml      |   6 +
deployment/swift/swift-proxy-container-puppet.yaml |  10 +
.../swift/swift-ringbuilder-container-puppet.yaml  |  10 +
.../swift/swift-storage-container-puppet.yaml      |  32 +++
.../tripleo-firewall-baremetal-ansible.yaml        |  19 +-
.../tripleo-packages-baremetal-puppet.yaml         |  32 ++-
deployment/undercloud/undercloud-upgrade.yaml      |  34 +++
environments/barbican-backend-pkcs11-lunasa.yaml   |  24 ++-
environments/dcn-hci.yaml                          |   6 +-
environments/dcn.yaml                              |   4 +
environments/enable-legacy-telemetry.yaml          |   1 +
environments/enable-stf.yaml                       |  12 +-
environments/firewall.yaml                         |  23 ++
.../lifecycle/undercloud-upgrade-prepare.yaml      |   1 +
environments/lifecycle/update-prepare.yaml         |   4 +
environments/lifecycle/upgrade-prepare.yaml        |   2 +
environments/metrics/ceilometer-write-qdr.yaml     |   4 +-
environments/multipathd.yaml                       |   2 +-
.../services-baremetal/undercloud-ceilometer.yaml  |   3 +
environments/services/undercloud-ceilometer.yaml   |   3 +
environments/undercloud/undercloud-minion.yaml     |  76 +++++++
lower-constraints.txt                              | 166 ---------------
.../config/multiple-nics-vlans/role.role.j2.yaml   |   4 +-
network/config/multiple-nics/role.role.j2.yaml     |   6 +-
network/ports/port_from_pool.j2                    |   4 +
overcloud-resource-registry-puppet.j2.yaml         |  13 +-
...ddmemcachedmaxconnections-b591c0fa39e821f5.yaml |   6 +
...allow-resize-to-same-host-62f05a5370993425.yaml |   5 +
.../automated-lvmfilter-3bee670c0108585a.yaml      |  23 ++
...ng-manila-share-protocols-6ea6bcbbe21b25ee.yaml |   7 +
.../notes/cinder-v1-cleanup-7154ca07652804cf.yaml  |  11 +
...e-multipathd-with-ansible-f32f3ea627815191.yaml |  20 ++
releasenotes/notes/cpu-flags-5b027db3eb2b86c2.yaml |   7 +
...sable-notification-driver-a888d4e9b8eed1dc.yaml |   6 +
...dge-by-default-on-compute-f3ff6bf46ab80640.yaml |  15 ++
...nant-log-facility-default-7b6d0670a51fe845.yaml |   5 +
...use_bind_mounts_for_certs-64cb88f78538a64b.yaml |  13 ++
...ova_api_max_limit-support-43fe9792eca63599.yaml |   5 +
..._compute_default_cpu_mode-cda2bb3e56463b3a.yaml |  11 +
.../notes/nova_compute_ksm-444f1cc51ceafb66.yaml   |   8 +
...tadata_http_cert_metadata-274e7e8a66727983.yaml |   9 +
.../vgpu-devices-mapping-63dd870f3a00a98a.yaml     |   5 +
roles/ComputeOvsDpdkRT.yaml                        |   1 +
roles/ComputeOvsDpdkSriovRT.yaml                   |   1 +
roles/ComputeRealTime.yaml                         |   1 +
roles/ComputeSriovRT.yaml                          |   1 +
roles/Controller.yaml                              |   3 +
roles/DistributedCompute.yaml                      |   2 +
roles/DistributedComputeHCI.yaml                   |   3 +-
roles/DistributedComputeHCIDashboard.yaml          |  80 +++++++
roles_data.yaml                                    |   3 +
sample-env-generator/dcn.yaml                      |   6 +-
sample-env-generator/undercloud-minion.yaml        |  43 ++++
tox.ini                                            |   6 -
zuul.d/layout.yaml                                 | 122 +----------
158 files changed, 2169 insertions(+), 774 deletions(-)






